PT-2024-38875 · Nafisulbari · Insurance Management System

Fahadletsleep · Published 2024-08-27 · Updated 2024-08-29 · CVE-2024-8216

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: nafisulbari/itsourcecode Insurance Management System version 1.0
Description: A critical issue has been found in the Insurance Management System, affecting some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt no leads to improper access controls, allowing for remote attacks. The vendor was contacted about this disclosure but did not respond.
Recommendations: For version 1.0, as a temporary workaround, consider restricting access to the editPayment.php file until a patch is available. Avoid using the argument recipt no in the affected Payment Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control
Related Identifiers: CVE-2024-8216
Affected Products: Insurance Management System